# Build Stage FROM golang:1.21-alpine AS build # Install necessary packages including CA certificates RUN apk --no-cache add ca-certificates tzdata git curl WORKDIR /src # Copy go mod files first for better caching COPY go.mod go.sum ./ # Download dependencies RUN go mod download # Copy source code COPY . . # Build the application RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o /app cmd/server/main.go # Development Stage FROM golang:1.21-alpine AS development # Install air for live reload and other dev tools RUN go install github.com/cosmtrek/air@latest # Install necessary packages RUN apk --no-cache add ca-certificates tzdata git curl WORKDIR /app # Copy go mod files COPY go.mod go.sum ./ RUN go mod download # Copy source code COPY . . # Set timezone ENV TZ=Asia/Jakarta # Expose port EXPOSE 3300 # Use air for live reload in development CMD ["air", "-c", ".air.toml"] # Migration Stage FROM build AS migration # Install migration tool RUN go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest WORKDIR /app # Copy migration files COPY migrations ./migrations COPY infra ./infra # Set the entrypoint for migrations ENTRYPOINT ["migrate"] # Production Stage FROM debian:bullseye-slim AS production # Install minimal runtime dependencies + Chrome, Chromium, and wkhtmltopdf for PDF generation RUN apt-get update && apt-get install -y \ ca-certificates \ tzdata \ curl \ fontconfig \ wget \ gnupg \ && wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \ && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list \ && apt-get update \ && apt-get install -y google-chrome-stable chromium wkhtmltopdf \ && rm -rf /var/lib/apt/lists/* # Create non-root user for security RUN groupadd -r appuser && useradd -r -g appuser appuser # Copy the binary COPY --from=build /app /app # Copy configuration files COPY --from=build /src/infra /infra # Change ownership to non-root user RUN chown -R appuser:appuser /app /infra # Set timezone ENV TZ=Asia/Jakarta # Expose port EXPOSE 3300 # Health check HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \ CMD curl -f http://localhost:3300/health || exit 1 # Switch to non-root user USER appuser # Set the entrypoint ENTRYPOINT ["/app"]